Data protection

Data protection

1. Introduction

This website is operated by: NeoCar Imperium.

It is very important to us to handle the data of our website visitors in a trustworthy manner and to protect it in the best possible way. For this reason, we make every effort to comply with the requirements of the GDPR.

Below we will explain to you how we process your data on our website. To do this, we use language that is as clear and transparent as possible so that you really understand what is happening with your data.

2. General information

2.1 Processing of personal data and other terms

Data protection applies when processing personal data. Personal means all data with which you can be personally identified. This is, for example, the IP address of the device (PC, laptop, smartphone, etc.) in front of which you are currently sitting. Such data is processed when 'something happens to it'. Here, for example, the IP is transmitted from the browser to our provider and automatically stored there. This is then processing (according to Art. 4 No. 2 GDPR) of personal data (according to Art. 4 No. 1 GDPR).

These and other legal definitions can be found in Article 4 GDPR.

2.2 Applicable regulations/laws – GDPR, BDSG and TTDSG

The scope of data protection is regulated by law. In this case, these are the GDPR (General Data Protection Regulation) as a European regulation and the BDSG (Federal Data Protection Act) as a national law.

The TTDSG also supplements the provisions of the GDPR as far as the use of cookies is concerned.

2.3 The person responsible

The person responsible for data processing on this website is the person responsible within the meaning of the GDPR. This is the natural or legal person who, alone or jointly with others, decides on the purposes and means of processing personal data.

You can reach the person responsible at:

NeoCar

Gartenstr. 3 07743 Jena

neo-car@gmx.de

2.4 This is how data is generally processed on this website

As we have already established, there is data (e.g. IP address) that is collected automatically. This data is primarily required for the technical provision of the homepage. If we use personal data or collect other data, we will inform you about this or ask for your consent.

You consciously share other personal data with us.

Detailed information on this can be found below.

2.5 Your Rights

The GDPR gives you comprehensive rights. These include, for example, free information about the origin, recipient and purpose of your stored personal data. You can also request the correction, blocking or deletion of this data or complain to the responsible data protection supervisory authority. You can revoke your consent at any time.

You can find out what these rights look like in detail and how they should be exercised in the last section of this data protection declaration.

2.6 Data protection – Our view

For us, data protection is more than just a chore! Personal data has great value and careful handling of this data should be a given in our digitalized world. In addition, as a website visitor, you should be able to decide for yourself what, when and by whom “happens” to your data. That's why we undertake to comply with all legal regulations, only collect the data we need and, of course, treat it confidentially.

2.7 Disclosure and Deletion

The sharing and deletion of data are also important and sensitive issues. We would therefore like to briefly inform you in advance about our general approach to this.

The data will only be passed on based on a legal basis and only if this is unavoidable. This can be the case in particular if it is a so-called processor and an order processing contract has been concluded in accordance with Art. 28 GDPR.

We will delete your data if the purpose and legal basis for processing no longer apply and there are no other legal obligations to prevent deletion. Article 17 GDPR also provides a 'good' overview of this.

Please refer to this data protection declaration for all further information and contact the person responsible if you have any specific questions.

2.8 Hosting

This website is hosted externally. The personal data collected on this website is stored on the host's servers. These include, on the one hand, the automatically collected and stored log files (see below for more information), as well as all other data that website visitors provide.

The external hosting is carried out for the purpose of providing our website securely, quickly and reliably and in this context serves to fulfill the contract with our potential and existing customers.

The legal basis for the processing is Article 6 Paragraph 1 Letters a, b and f GDPR, as well as Section 25 Paragraph 1 TTDSG, insofar as consent requires the storage of cookies or access to information on the website visitor's or user's end device in the sense of TTDSG includes.

Our hoster only processes data that is necessary to fulfill its service obligation and acts as our processor, which means that it is subject to our instructions. We have concluded a corresponding contract for order processing with our host.

We use the following hosters:

Shopify

Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland

https://www.shopify.com/legal/privacy.

2.9 Legal basis

The processing of personal data always requires a legal basis. The GDPR provides for the following options in Article 6 Paragraph 1 Sentence 1:

a) The data subject has given his or her consent to the processing of personal data concerning him or her for one or more specific purposes;

b) the processing is necessary for the performance of a contract to which the data subject is party or in order to take steps prior to entering into a contract at the data subject's request;

c) the processing is necessary to fulfill a legal obligation the person responsible is subject to;

d) the processing is necessary to protect the vital interests of the data subject or another natural person;

e) the processing is necessary for the performance of a task that is in the public interest or in the exercise of official authority was transferred to the person responsible ;

f) the processing is to protect legitimate interests of the person responsible or of a third party is necessary, unless the interests or fundamental rights and freedoms of the data subject, which require the protection of personal data, outweigh this, in particular if the data subject is a child.

In the following sections we will provide you with the specific legal basis for the respective processing.

3. This happens on our website

Below you will find out what data is collected when you visit our website, for what purpose and on what legal basis.

3.1 Data collection when you access the website

When you access the website, information is automatically stored in so-called server log files. This is the following information:

Browser type and browser version

operating system used

Referrer URL

Host name of the accessing computer

Time of server request

IP address

This data is temporarily required in order to be able to display our website to you permanently and without any problems. In particular, this data serves the following purposes:

Website system security

System stability of the website

Troubleshooting the website

Establishing a connection to the website

Presentation of the website

Data processing is carried out in accordance with Article 6 Paragraph 1 Letter f of the GDPR and is based on our legitimate interest in processing this data, in particular the interest in the functionality of the website and its security.

If possible, this data is stored pseudonymously and deleted after the respective purpose has been achieved.

If the server log files enable the data subject to be identified, the data will be stored for a maximum period of 14 days. An exception exists when a safety-relevant event occurs. In this case, the server log files are stored until the security-related event has been eliminated and finally clarified.

Otherwise, it will not be merged with other data.

3.2 Cookies

3.2.1 General

This website uses so-called cookies. This is a data set, information that is stored in the browser of your device and is related to our website.

By setting cookies, the navigation of the website can be made easier for the visitor.

In our cookie consent tool you will find all information about the cookies that we use on our website (if necessary after your consent).

3.2.2 Reject cookies

You can manage all cookies that are not technically necessary directly using our cookie consent tool.

The setting of cookies can be prevented by adjusting your browser settings.

Here you will find the corresponding links to frequently used browsers:

Mozilla Firefox: https://support.mozilla.org/de/kb/cookies-und-website-daten-in-firefox-loschen?redirectslug=Cookies+l%C3%B6schen&redirectlocale=de

Google Chrome: https://support.google.com/chrome/answer/95647?co=GENIE.Platform%3DDesktop&hl=de

Microsoft Edge: https://support.microsoft.com/de-de/windows/l%C3%B6schen-und-verwalten-von-cookies-168dab11-0753-043d-7c16-ede5947fc64d

Safari: https://support.apple.com/de-de/guide/mdm/mdmf7d5714d4/web and https://support.apple.com/de-de/guide/safari/sfri11471/mac As long as you use another browser To use this, it is recommended to enter the name of your browser and 'Delete and manage cookies' in a search engine and follow the official link to your browser.

Alternatively, you can manage your cookie settings at www.aboutads.info/choices/ or www.youronlinechoices.com.

However, we must point out that comprehensive blocking/deleting of cookies can lead to impairments in the use of the website.

3.2.3 Technically necessary cookies

We use technically necessary cookies on this website so that our website functions error-free and in accordance with applicable laws. They help make the website user-friendly. Some functions of our website cannot be displayed without the use of cookies.

Depending on the individual case, the legal basis for this is Article 6 Paragraph 1 Letters b, c and/or f GDPR.

3.2.4 Cookies that are not technically necessary

We also use cookies on our website that are not technically necessary. These cookies are used, among other things, to analyze the surfing behavior of the website visitor or to offer functions of the website that are, however, not technically necessary.

The legal basis for this is your consent in accordance with Article 6 Paragraph 1 Letter a GDPR.

Cookies that are not technically necessary are only set with your consent, which you can revoke at any time in the cookie consent tool.

3.3 Data processing through user input

3.3.1 Own data collection

We offer the following service on our website: Sales online shop.

For this purpose we collect the following data:

Surname

e-mail address

address

Telephone number

Account details

The legal basis for this data processing is Article 6 Paragraph 1 Letter b GDPR.

The data will be deleted as soon as the respective purpose no longer applies and it is possible in accordance with the legal requirements.

3.3.2 Contacting us

a) e-mail

If you contact us by email, we process your email address and, if necessary, other data contained in the email. These are stored on the mail server and partly on the respective end devices. Depending on the issue, the legal basis for this is usually Article 6 Paragraph 1 Letter f GDPR or Article 6 Paragraph 1 Letter b GDPR. The data will be deleted as soon as the respective purpose no longer applies and it is possible in accordance with the legal requirements.

b) phone

If you contact us by telephone, the call data may be stored pseudonymously on the respective device and by the telecommunications provider used. Personal data collected during the telephone call will only be processed to process your request. Depending on the issue, the legal basis for this is usually Article 6 Paragraph 1 Letter f GDPR or Article 6 Paragraph 1 Letter b GDPR. The data will be deleted as soon as the respective purpose no longer applies and it is possible in accordance with the legal requirements.

c) contact form

We offer a contact form. This is used to contact our company.

In this form we usually process your first and last name, your telephone number, your email address, a postal address and the content of the message. The data is stored on our web server and forwarded internally to the relevant email addresses.

The legal basis for data processing is Article 6 Paragraph 1 Letters b and f GDPR, as it serves to carry out (pre-)contractual measures at your request and we have a legitimate interest in carrying out our business activities .

We delete this data no later than 3 months after receipt, unless it is needed for a contractual relationship that has arisen.

We bind the contact form from

Shopify

Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland

https://www.shopify.com/legal/privacy.

on our website.

3.4 Cookie Consent Tool

3.4.1. GDPR Legal Cookies by Shopify

To ensure that only cookies for which there is a legal basis are set on our website, we use the consent management tool GDPR Legal Cookie by Shopify from beeclever GmbH, Friedrich-Mohr-Straße 1, 56070 Koblenz, Germany.

This service is used to obtain the consent of the website visitor to the storage of certain cookies in his/her browser or the use of certain technologies and to document this in accordance with data protection regulations.

When you access this website, the consent given by the website visitor or the revocation of consent is stored as a beeclever GmbH cookie in the website visitor's browser. For this purpose, a connection is established to the beeclever GmbH servers.

The legal basis is Article 6 Paragraph 1 Letter c GDPR. beeclever GmbH is used to obtain the legally required consent for the use of cookies.

The collected data will be stored until the website visitor requests deletion or deletes beeclever GmbH itself or the purpose for storing the data no longer applies. The mandatory statutory retention periods remain unaffected by this.

3.5 Website modular system

3.5.1 Shopify

We use Shopify to create our website. This is a service of Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland.

With this service we can display our online shop.

Shopify uses cookies, among other things, for security when browsing and to prevent cross-site request forgery (session cookies), as well as for secure transactions.

The service is technically necessary to display our website. The legal basis for processing is Article 6 Paragraph 1 Letter f GDPR.

We have concluded an order processing agreement with Shopify. The data collected on our website is processed on Shopify’s servers. If the data is passed on to Shopify Inc. in Canada, the EU Commission's adequacy decision applies. If the data is passed on to Shopify Inc. in the USA, the standard contractual clauses apply.

Further information:

https://www.shopify.de/legal/datenschutz.

3.6 Payment Services

3.6.1 Paypal

We use PayPal on our website. PayPal is a payment service provider. This service is offered by PayPal (Europe) Sarl et Cie, SCA, 22-24 Boulevard Royal, L-2449 Luxembourg.

For the purpose of payment processing, the payment data of the website visitor is processed by the payment service provider as soon as a purchase is made via this website. The respective contractual and data protection regulations of the payment service provider apply to the respective transaction.

The legal basis is Article 6 Paragraph 1 Letter b GDPR. The data is processed for the purpose of (pre-)contractual obligations.

We also have a legitimate interest in processing this data within the meaning of Article 6 (1) (f) GDPR in order to ensure a quick and reliable payment process.

When data is transferred to the USA, the EU Commission's Standard Contractual Clauses (SCC) apply.

https://www.paypal.com/de/webapps/mpp/ua/pocpsa-full.

3.6.2 Apple Pay

We use Apple Pay on this website. Apple Pay is a payment service provider. This service is offered by Apple Inc., Infinite Loop, Cupertino, CA 95014, USA.

For the purpose of payment processing, the payment data of the website visitor is processed by the payment service provider as soon as a purchase is made via this website. The respective contractual and data protection regulations of the payment service provider apply to the respective transaction.

The legal basis is Article 6 Paragraph 1 Letter b GDPR. The data is processed for the purpose of (pre-)contractual obligations.

We also have a legitimate interest in processing this data within the meaning of Article 6 (1) (f) GDPR in order to ensure a quick and reliable payment process.

More details:

https://www.apple.com/legal/privacy/de-ww/.

3.6.3 Google Pay

We use Google Pay on this website. Google Pay is a payment service provider. This service is offered by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

For the purpose of payment processing, the payment data of the website visitor is processed by the payment service provider as soon as a purchase is made via this website. The respective contractual and data protection regulations of the payment service provider apply to the respective transaction.

The legal basis is Article 6 Paragraph 1 Letter b GDPR. The data is processed for the purpose of (pre-)contractual obligations.

We also have a legitimate interest in processing this data within the meaning of Article 6 (1) (f) GDPR in order to ensure a quick and reliable payment process.

More details:

https://policies.google.com/privacy.

3.6.4 Shopify Payments

This website uses Shopify Payment. Shopify Payment is a payment service provider. This service is offered by Shopify International Limited, 2nd Floor Victoria Buildings, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland.

For the purpose of payment processing, the payment data of the website visitor is processed by the payment service provider as soon as a purchase is made via this website. The respective contractual and data protection regulations of the payment service provider apply to the respective transaction.

The legal basis is Article 6 Paragraph 1 Letter b GDPR. The data is processed for the purpose of (pre-)contractual obligations.

We also have a legitimate interest in processing this data within the meaning of Article 6 (1) (f) GDPR in order to ensure a quick and reliable payment process.

More details:

https://www.shopify.de/legal/datenschutz.

3.6.5 American Express

We use American Express on this website. American Express is a payment service provider. This service is offered by American Express Europe SA, Theodor-Heuss-Allee 112, 60486 Frankfurt am Main, Germany.

For the purpose of payment processing, the payment data of the website visitor is processed by the payment service provider as soon as a purchase is made via this website. The respective contractual and data protection regulations of the payment service provider apply to the respective transaction.

The legal basis is Article 6 Paragraph 1 Letter b GDPR. The data is processed for the purpose of (pre-)contractual obligations.

We also have a legitimate interest in processing this data within the meaning of Article 6 (1) (f) GDPR in order to ensure a quick and reliable payment process.

American Express may transfer the data to the parent company in the USA. American Express has Binding Corporate Rules (BCR) for this purpose.

More details:

https://www.americanexpress.com/de/legal/online-datenschutzerklarung.html.

3.6.6 Mastercard

We use Mastercard on this website. Mastercard is a payment service provider. This service is offered by Mastercard Europe SA, Chaussée de Tervuren 198A, B-1410 Waterloo, Belgium.

For the purpose of payment processing, the payment data of the website visitor is processed by the payment service provider as soon as a purchase is made via this website. The respective contractual and data protection regulations of the payment service provider apply to the respective transaction.

The legal basis is Article 6 Paragraph 1 Letter b GDPR. The data is processed for the purpose of (pre-)contractual obligations.

We also have a legitimate interest in processing this data within the meaning of Article 6 (1) (f) GDPR in order to ensure a quick and reliable payment process.

Mastercard can transfer the data to the parent company in the USA. Mastercard has Binding Corporate Rules (BCR) for this purpose.

More details:

https://www.mastercard.us/content/dam/mccom/global/documents/mastercard-bcrs.pdf

https://www.mastercard.de/de-de/datenschutz.html.

3.6.7 Visas

We use VISA on this website. VISA is a payment service provider. This service is offered by Visa Europe Services Inc., London branch, 1 Sheldon Square, London W2 6TT, Great Britain.

For the purpose of payment processing, the payment data of the website visitor is processed by the payment service provider as soon as a purchase is made via this website. The respective contractual and data protection regulations of the payment service provider apply to the respective transaction.

The legal basis is Article 6 Paragraph 1 Letter b GDPR. The data is processed for the purpose of (pre-)contractual obligations.

We also have a legitimate interest in processing this data within the meaning of Article 6 (1) (f) GDPR in order to ensure a quick and reliable payment process.

When data is transferred to the USA, the EU Commission's Standard Contractual Clauses (SCC) apply.

More details:

https://www.visa.de/USE Conditions/visa-privacy-center.html.

4. This is also important

Finally, we would like to inform you in detail about your rights and tell you how you will be informed about changes to data protection requirements.

4.1 Your rights in detail

4.1.1 Right to information according to Art. 15 GDPR

You can request information about whether your personal data is being processed. If this is the case, you can request further information about how the data is processed. A detailed list can be found in Article 15 Paragraph 1 Letters a to h GDPR.

4.1.2 Right to correction according to Art. 16 GDPR

This right includes the correction of inaccurate data and the completion of incomplete personal data.

4.1.3 Right to deletion according to Art. 17 GDPR

This so-called 'right to be forgotten' gives you the right, under certain conditions, to request that the person responsible delete your personal data. This is generally the case if the purpose of data processing no longer applies, if consent has been revoked or if the initial processing took place without a legal basis. A detailed list of reasons can be found in Article 17 Paragraph 1 Letters a to f GDPR. This “right to be forgotten” also corresponds to the duty of the person responsible under Article 17 (2) GDPR to take appropriate measures to bring about a general deletion of the data.

4.1.4 Right to restriction of processing according to Art. 18 GDPR

This right is linked to the conditions set out in Article 18 Paragraph 1 Letters a to d.

4.1.5 Right to data portability according to Art. 20 GDPR

This regulates the fundamental right to receive your own data in a common form and to transmit it to another person responsible. However, this only applies to data processed based on consent or contract in accordance with Article 20 Paragraph 1 Letters a and b and to the extent that this is technically feasible.

4.1.6 Right to object according to Art. 21 GDPR

In principle, you can object to the processing of your personal data. This applies in particular if your interest in objecting outweighs the legitimate interest of the controller in the processing and if the processing relates to direct advertising and/or profiling.

4.1.7 Right to “decision in individual cases” according to Art. 22 GDPR

In principle, you have the right not to be subject to a decision based solely on automated processing (including profiling) which produces legal effects concerning you or similarly significantly affects you. However, this right also finds restrictions and additions in Article 22 Paragraphs 2 and 4 GDPR.

4.1.8 Other rights

The GDPR includes comprehensive rights to inform third parties about whether or how you have asserted rights under Articles 16, 17, 18 GDPR. However, this is only to the extent that this is possible or can be carried out with reasonable effort.

At this point we would like to remind you of your right to revoke your consent in accordance with Art. 7 Para. 3 GDPR. However, this does not affect the lawfulness of the processing carried out up to that point.

We would also like to point out your rights according to §§ 32 ff. BDSG, the content of which is largely the same as the rights just described.

4.1.9 Right to complain according to Art. 77 GDPR

You also have the right to complain to a data protection supervisory authority if you believe that processing of your personal data violates this regulation.

5. What if GDPR is abolished tomorrow or other changes take place?

The current status of this data protection declaration is November 28, 2023. From time to time it is necessary to adapt the content of the data protection declaration in order to respond to actual and legal changes. We therefore reserve the right to change this data protection declaration at any time. We will publish the modified version in the same place and recommend that you read the data protection declaration regularly.